- missing error exit code from signing password checking (#496754)

- dont fail build on unrecognized data files (#532489)
- dont try to parse subkeys and secret keys (#436812)
- fix chmod test on selinux, breaking %%{_fixperms} macro (#543035)
Panu Matilainen 2009-12-04 09:32:33 +00:00
parent 4203349708
commit 4a8173e79b
5 changed files with 153 additions and 1 deletions


@ -0,0 +1,24 @@
diff -up rpm-4.7.2/configure.ac.chmod-test rpm-4.7.2/configure.ac
--- rpm-4.7.2/configure.ac.chmod-test 2009-11-25 09:19:30.000000000 +0200
+++ rpm-4.7.2/configure.ac 2009-12-04 11:23:39.000000000 +0200
@@ -61,7 +61,7 @@ AC_MSG_CHECKING(POSIX chmod)
touch foo.chmodtest
chmod 744 foo.chmodtest
chmod +X foo.chmodtest 2>/dev/null
-a=`ls -l foo.chmodtest | awk '{print $1}'`
+a=`ls -l foo.chmodtest | awk '{print substr($1,1,10)}'`
rm -f foo.chmodtest
if test "$a" = "-rwxr-xr-x"; then
AC_MSG_RESULT(yes)
diff -up rpm-4.7.2/configure.chmod-test rpm-4.7.2/configure
--- rpm-4.7.2/configure.chmod-test 2009-12-04 11:24:06.000000000 +0200
+++ rpm-4.7.2/configure 2009-12-04 11:24:51.000000000 +0200
@@ -17626,7 +17626,7 @@ $as_echo_n "checking POSIX chmod... " >&
touch foo.chmodtest
chmod 744 foo.chmodtest
chmod +X foo.chmodtest 2>/dev/null
-a=`ls -l foo.chmodtest | awk '{print $1}'`
+a=`ls -l foo.chmodtest | awk '{print substr($1,1,10)}'`
rm -f foo.chmodtest
if test "$a" = "-rwxr-xr-x"; then
{ $as_echo "$as_me:$LINENO: result: yes" >&5
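Review bot: The `substr($1,1,10)` truncation in the POSIX chmod check has no comment saying which trailing character it discards, so a later reader of configure.ac cannot tell why the mode string is cut to ten characters. Going by the commit title, this is presumably the extra marker that `ls -l` appends to the mode field on SELinux systems. A one-line comment above the assignment would record that, for example `# ls -l may append a marker after the 10 mode characters (e.g. on SELinux); compare only the mode bits`. The identical edit to the generated `configure` needs no comment of its own.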


@ -0,0 +1,37 @@
commit 6eeb0bb06466d9eb75eb55efd514d3ecfe089042
Author: Panu Matilainen <pmatilai@redhat.com>
Date: Wed Nov 25 15:07:17 2009 +0200
We can't handle OpenPGP subkeys or secret keys, so dont even try
- parsing subkeys ends up overwriting data in the main key, causing
bogus signature checking failures
- this is the final missing piece of RhBug:436812, short of adding
proper support for subkeys (maybe someday...)
(cherry picked from commit 98213fc4192c7af07037a0f3e9cce9e3b8509c02)
diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c
index d7bbb5e..f76fc2b 100644
--- a/rpmio/rpmpgp.c
+++ b/rpmio/rpmpgp.c
@@ -1190,11 +1190,6 @@ static int pgpPrtPkt(const uint8_t *pkt, size_t pleft,
else
memset(_digp->signid, 0, sizeof(_digp->signid));
}
- case PGPTAG_PUBLIC_SUBKEY:
- rc = pgpPrtKey(tag, h, hlen, _dig, _digp);
- break;
- case PGPTAG_SECRET_KEY:
- case PGPTAG_SECRET_SUBKEY:
rc = pgpPrtKey(tag, h, hlen, _dig, _digp);
break;
case PGPTAG_USER_ID:
@@ -1205,6 +1200,9 @@ static int pgpPrtPkt(const uint8_t *pkt, size_t pleft,
rc = pgpPrtComment(tag, h, hlen);
break;
+ case PGPTAG_PUBLIC_SUBKEY:
+ case PGPTAG_SECRET_KEY:
+ case PGPTAG_SECRET_SUBKEY:
case PGPTAG_RESERVED:
case PGPTAG_PUBLIC_SESSION_KEY:
case PGPTAG_SYMMETRIC_SESSION_KEY:
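Review bot: Moving `PGPTAG_PUBLIC_SUBKEY`, `PGPTAG_SECRET_KEY` and `PGPTAG_SECRET_SUBKEY` into the ignored group skips only the key packet itself. The hunk does not show whether signature packets that follow a skipped subkey are still handed to the signature parser, where they could presumably still overwrite fields in `_digp` that belong to the main key. That is worth confirming against the rest of `pgpPrtPkt` and its caller, both of which lie outside the hunk. The new labels also deserve a comment, for example `/* subkeys and secret keys are unsupported: skip them so they cannot overwrite the main key's data */`, since nothing at the case labels says the skip is deliberate.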


@ -0,0 +1,43 @@
commit fa9fcc89146f08bce3b51d96d0ec9d4175db6978
Author: Panu Matilainen <pmatilai@redhat.com>
Date: Thu Nov 26 10:22:41 2009 +0200
Dont fail build on unrecognized non-executable files (ticket #105)
- Generally only executable files are critical for dependency extraction,
whereas oddball application data files can cause unnecessary build
failure due to libmagic misdetections etc, so just let non-executables
pass with a warning and mark them as unknown data
(cherry picked from commit cfcd1f9bd98d5d0fc46a84931984efec3b9d47e2)
diff --git a/build/rpmfc.c b/build/rpmfc.c
index bcb5383..e4ba6b2 100644
--- a/build/rpmfc.c
+++ b/build/rpmfc.c
@@ -1245,6 +1245,7 @@ rpmRC rpmfcClassify(rpmfc fc, ARGV_t argv, rpm_mode_t * fmode)
for (fc->ix = 0; fc->ix < fc->nfiles; fc->ix++) {
const char * ftype;
rpm_mode_t mode = (fmode ? fmode[fc->ix] : 0);
+ int is_executable = (mode & (S_IXUSR|S_IXGRP|S_IXOTH));
s = argv[fc->ix];
slen = strlen(s);
@@ -1277,11 +1278,16 @@ rpmRC rpmfcClassify(rpmfc fc, ARGV_t argv, rpm_mode_t * fmode)
ftype = magic_file(ms, s);
if (ftype == NULL) {
- rpmlog(RPMLOG_ERR,
+ rpmlog(is_executable ? RPMLOG_ERR : RPMLOG_WARNING,
_("Recognition of file \"%s\" failed: mode %06o %s\n"),
s, mode, magic_error(ms));
- magic_close(ms);
- return RPMRC_FAIL;
+ /* only executable files are critical to dep extraction */
+ if (is_executable) {
+ magic_close(ms);
+ return RPMRC_FAIL;
+ }
+ /* unrecognized non-executables get treated as "data" */
+ ftype = "data";
}
}
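Review bot: `is_executable` is derived from `mode`, which is 0 whenever `fmode` is NULL, so for a caller that passes no mode array every `magic_file()` failure is downgraded to a warning and the file is classified as "data". Whether any caller actually passes NULL is not visible here, but the old code failed closed in that case. `int is_executable = (fmode == NULL) || (mode & (S_IXUSR|S_IXGRP|S_IXOTH));` would keep the hard failure when the mode is unknown. The loop body of `rpmfcClassify` continues outside both hunks.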


@ -0,0 +1,34 @@
commit 31c5e0f9b7b09661611b50d84d26ba47ce97fffe
Author: Panu Matilainen <pmatilai@redhat.com>
Date: Wed Nov 25 16:42:43 2009 +0200
Fix signature password checking result on abnormal conditions (RhBug:496754)
- Execve() failure wasn't returning an error code, causing rpm to
think the password was ok when we couldn't even try verifying
- Stricter return code checking from the password checking child:
the password can only be ok if the child exits with WIFEXITED() *and*
WIFEXITCODE() of 0. Also WIFEXITCODE() should only be called if
WIFEXITED() returns true.
(cherry picked from commit 2b41860984f0c4ebba5ebce93a18c9c0ca5e1065)
diff --git a/lib/signature.c b/lib/signature.c
index a501f3e..a2eaf9b 100644
--- a/lib/signature.c
+++ b/lib/signature.c
@@ -883,6 +883,7 @@ static int checkPassPhrase(const char * passPhrase, const rpmSigTag sigTag)
rpmlog(RPMLOG_ERR, _("Could not exec %s: %s\n"), "gpg",
strerror(errno));
+ _exit(EXIT_FAILURE);
} break;
case RPMSIGTAG_RSA:
case RPMSIGTAG_PGP5: /* XXX legacy */
@@ -932,7 +933,7 @@ static int checkPassPhrase(const char * passPhrase, const rpmSigTag sigTag)
(void) waitpid(pid, &status, 0);
- return ((!WIFEXITED(status) || WEXITSTATUS(status)) ? 1 : 0);
+ return ((WIFEXITED(status) && WEXITSTATUS(status) == 0)) ? 0 : 1;
}
char * rpmGetPassPhrase(const char * prompt, const rpmSigTag sigTag)
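Review bot: The result of `waitpid()` is still discarded on the line above the new return, so if the call fails the test runs on whatever `status` held before (its initialisation is outside the hunk). In that case a passphrase could be reported as ok without the child's exit status ever being collected. Checking the call, e.g. `if (waitpid(pid, &status, 0) != pid) return 1;`, makes that path fail closed like the rest of this change. The added `_exit(EXIT_FAILURE)` covers only the gpg branch visible here; the exec-failure path of the `RPMSIGTAG_RSA`/`RPMSIGTAG_PGP5` branch is outside the hunk and should be checked for the same omission.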


@ -21,7 +21,7 @@
Summary: The RPM package management system Summary: The RPM package management system
Name: rpm Name: rpm
Version: %{rpmver} Version: %{rpmver}
Release: 1%{?dist} Release: 2%{?dist}
Group: System Environment/Base Group: System Environment/Base
Url: http://www.rpm.org/ Url: http://www.rpm.org/
Source0: http://rpm.org/releases/rpm-4.7.x/%{name}-%{srcver}.tar.bz2 Source0: http://rpm.org/releases/rpm-4.7.x/%{name}-%{srcver}.tar.bz2
@ -42,6 +42,10 @@ Patch3: rpm-4.6.0-fedora-specspo.patch
Patch200: rpm-4.7.1-bugurl.patch Patch200: rpm-4.7.1-bugurl.patch
Patch201: rpm-4.7.0-extra-provides.patch Patch201: rpm-4.7.0-extra-provides.patch
Patch202: rpm-4.7.1-python-bytecompile.patch Patch202: rpm-4.7.1-python-bytecompile.patch
Patch203: rpm-4.7.2-sign-passcheck.patch
Patch204: rpm-4.7.2-rpmfc-unknown.patch
Patch205: rpm-4.7.2-pgp-subkey.patch
Patch206: rpm-4.7.2-chmod-selinux.patch
# These are not yet upstream # These are not yet upstream
Patch301: rpm-4.6.0-niagara.patch Patch301: rpm-4.6.0-niagara.patch
@ -197,6 +201,10 @@ packages on a system.
%patch200 -p1 -b .bugurl %patch200 -p1 -b .bugurl
%patch201 -p1 -b .extra-prov %patch201 -p1 -b .extra-prov
%patch202 -p1 -b .python-bytecompile %patch202 -p1 -b .python-bytecompile
%patch203 -p1 -b .sign-passcheck
%patch204 -p1 -b .rpmfc-unknown
%patch205 -p1 -b .pgp-subkey
%patch206 -p1 -b .chmod-test
%patch301 -p1 -b .niagara %patch301 -p1 -b .niagara
%patch302 -p1 -b .geode %patch302 -p1 -b .geode
@ -411,6 +419,12 @@ exit 0
%doc doc/librpm/html/* %doc doc/librpm/html/*
%changelog %changelog
* Fri Dec 04 2009 Panu Matilainen <pmatilai@redhat.com> - 4.7.2-2
- missing error exit code from signing password checking (#496754)
- dont fail build on unrecognized data files (#532489)
- dont try to parse subkeys and secret keys (#436812)
- fix chmod test on selinux, breaking %%{_fixperms} macro (#543035)
* Wed Nov 25 2009 Panu Matilainen <pmatilai@redhat.com> - 4.7.2-1 * Wed Nov 25 2009 Panu Matilainen <pmatilai@redhat.com> - 4.7.2-1
- update to 4.7.2 (http://rpm.org/wiki/Releases/4.7.2) - update to 4.7.2 (http://rpm.org/wiki/Releases/4.7.2)
- fixes #464750, #529214 - fixes #464750, #529214